In today’s world, threat actors are always circling, looking for any signs of weakness to snatch away valuable data from the bottomless pile of SaaS products that clutter our phones and computers.
While these products make our lives easier in countless ways, they also come with a trade-off: you hand over personal data, trusting the vendor to keep it safe.
And while you might not be the intended target of these attacks, the reality is that with the modern-day digital footprint each one of us carries, it doesn’t take much to be caught in the crossfire.
What feels second nature to security professionals often isn’t obvious to everyone out there - and I’ve been reminded of that more than once lately.
The good news? Securing your data isn’t nearly as hard as you might think.
You don’t need to overhaul your life to protect your digital assets. Small, intentional changes make big differences.
My philosophy is simple: make yourself a harder target than the person next to you. If an attacker sees you or your accounts as too much work, they’ll move on to an easier mark.
If I were building my personal security posture from scratch today, these are the 40 steps I’d take to do it.
Essentials
These are the practical habits everyone should adopt, even if you’re not tech savvy.
Enable Two-Factor Authentication (Impact: 9/10 | Effort: 4/10): 2FA adds a second barrier of authentication to your accounts. Even if your password is stolen, attackers still need the second factor, drastically reducing your risk of compromise.
Use a Password Manager (Impact: 9/10 | Effort: 5/10): Use your password manager to generate strong, unique passwords for every account and remove the need to memorize them. This prevents one breach from endangering several of your accounts.
Update Your Devices Regularly (Impact: 8/10 | Effort: 2/10): Software updates patch vulnerabilities attackers actively exploit, and delaying updates leaves you exposed to known threats. Just set your devices to update while you sleep!
Don’t Reuse Passwords (Impact: 8/10 | Effort: 4/10): Reusing passwords allows one breached account to unlock many others. Unique passwords stop attackers from snowballing their access to your entire account portfolio.
Avoid Clicking Unknown Links (Impact: 8/10 | Effort: 3/10): While it may sound obvious, suspicious links in emails or texts can lead to phishing sites or malware. Hover before clicking and verify the sender. Or, just navigate directly to the site in your browser.
Use Unique Security Questions & Answers (Impact: 7/10 | Effort: 3/10): Real answers are often guessable or public. Use fake but memorable answers stored in your password manager for stronger account recovery security.
Check Website URLs Before Entering Credentials (Impact: 8/10 | Effort: 2/10): Phishing sites mimic legitimate ones. Quickly check the URL to ensure you’re on the real domain before logging in.
Install Antivirus/Endpoint Protection (Impact: 7/10 | Effort: 4/10): These software offerings detect and block malware before it can damage your system or steal your information. Some are even free!
Log Out on Shared Devices (Impact: 6/10 | Effort: 3/10): Prevents others from accessing your accounts when using shared computers, phones, or tablets.
Use + Email Aliasing (Impact: 6/10 | Effort: 5/10): Adding +sitename to your email before the “@” lets you see where spam originates and limits damage if one account is compromised, all while still receiving email at the same email address.
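How + aliasing lets you trace where spam originates, as an added example that is not from the original post: it builds a per-site alias, then checks whether mail sent to that alias comes from the site it was given to. The mailbox, site names and domains are constructed, and matching the tag against the sender's domain is a simplifying assumption (sites that send through third-party mailers would need an allow-list).

```python
from email.utils import parseaddr

def make_alias(mailbox: str, site: str) -> str:
    """user@example.com + 'ShopCo' -> user+shopco@example.com"""
    local, _, domain = mailbox.partition("@")
    tag = "".join(c for c in site.lower() if c.isalnum())
    if not (local and domain and tag):
        raise ValueError("need a full mailbox and a non-empty site name")
    return f"{local}+{tag}@{domain}"

def alias_tag(recipient: str):
    """Return the +tag a message was addressed to, or None if it has none."""
    local = parseaddr(recipient)[1].partition("@")[0]
    _, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def sender_domain(sender: str) -> str:
    """Domain part of a From header, lower-cased."""
    return parseaddr(sender)[1].rpartition("@")[2].lower()

def classify(to_header: str, from_header: str) -> str:
    """Compare the alias tag with the sender's domain (heuristic, see lead-in).

    expected - the site you gave this alias to is the one writing to you
    leaked   - someone else has the alias: it was sold, shared or breached
    untagged - no tag, so the message cannot be attributed to any sign-up
    """
    tag = alias_tag(to_header)
    if tag is None:
        return "untagged"
    labels = sender_domain(from_header).split(".")
    return "expected" if tag in labels else "leaked"

# Constructed sample headers (To, From); every name and domain is made up.
INBOX = [
    ("alex+shopco@example.com", "ShopCo <news@mail.shopco.example>"),
    ("alex+shopco@example.com", "Prize Desk <win@promo-blast.example>"),
    ("alex@example.com", "Unknown <hello@bulk-sender.example>"),
]

def triage(inbox):
    """Return (tag, verdict) for each message."""
    return [(alias_tag(to), classify(to, frm)) for to, frm in inbox]

if __name__ == "__main__":
    for tag, verdict in triage(INBOX):
        print(tag, verdict)
```

A "leaked" verdict tells you which sign-up exposed the address, so that is the account whose password and recovery settings to review first. Senders can strip the +tag, which is why untagged mail stays unattributable.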
Securing Your Digital Footprint
If you want more control over how your data is spread online, prioritize these actions.
Google Yourself Regularly (Impact: 7/10 | Effort: 3/10): Search your name to see what personal details are floating around online. If you find something sensitive, take steps to get it removed before an attacker finds it first.
Limit Public Social Media Info (Impact: 8/10 | Effort: 4/10): Your vacation pics and work updates can double as a goldmine for social engineers. Keep personal details locked down and share selectively. If you’re really serious, make all of your accounts private.
Remove Old Accounts You Don’t Use (Impact: 7/10 | Effort: 5/10): Every forgotten account is a potential breach waiting to happen. Shut them down and shrink your digital footprint.
Avoid Oversharing in Public Posts (Impact: 8/10 | Effort: 3/10): Birthdays, addresses, even your favorite coffee shop are all clues a highly motivated hacker could piece together. Don’t give them the puzzle pieces.
Opt Out of Data Broker Sites (Impact: 9/10 | Effort: 6/10): Sites like Whitepages and Spokeo sell your personal info to anyone who pays. Use opt-out guides or services to make yourself harder to find.
Use Disposable Emails for Sign-Ups (Impact: 7/10 | Effort: 4/10): For one-off sign-ups, use disposable addresses to keep spam and trackers out of your main inbox.
Use Different Profile Pictures (Impact: 3/10 | Effort: 3/10): Reverse image searches can link accounts you thought were separate. Switch up your photos to keep them unconnected.
Revoke Permissions from Unused Apps (Impact: 7/10 | Effort: 4/10): Old apps can still track you or access your data long after you stop using them. Cut them off before they become a liability.
Clear Old Cloud Storage Files (Impact: 6/10 | Effort: 5/10): Sensitive files in cloud storage are easy to forget about—and easy for attackers to grab if they get in. Clean house regularly.
Separate Work and Personal Accounts/Devices (Impact: 8/10 | Effort: 5/10): One compromised login shouldn’t take down your whole life. Keep work and personal data in their own lanes.
Privacy Habits
If you want to stay off the radar and keep your data private, start implementing these behaviors.
Use a Privacy-Focused Browser (Impact: 8/10 | Effort: 4/10): Browsers like Brave and Firefox block trackers by default, keeping advertisers from quietly building a file on you.
Install Tracker-Blocking Extensions (Impact: 8/10 | Effort: 3/10): Tools like uBlock Origin and Privacy Badger cut off advertisers and data brokers at the source.
Use a VPN on Public Wi-Fi (Impact: 9/10 | Effort: 4/10): Public hotspots are hacker hunting grounds. A VPN encrypts your traffic so no one can spy on your data.
Turn Off Location Tracking When Not Needed (Impact: 7/10 | Effort: 3/10): Your phone doesn’t need to log your every move. Disable always-on location tracking for all your apps and opt for “only while using” options.
Use Encrypted Messaging Apps (Impact: 9/10 | Effort: 3/10): Signal and WhatsApp use end-to-end encryption to keep your conversations private - even from the platform itself.
Disable Ad Personalization (Impact: 6/10 | Effort: 3/10): Tell Google, Facebook, and friends to stop profiling you for “better” ads. You’ll still see ads, just fewer that make you feel like these platforms are listening.
Avoid Linking Accounts Across Services (Impact: 8/10 | Effort: 6/10): When many services are linked to one master account and that account gets breached, you’ll experience a cascade across every account you own. Keep them siloed and link selectively.
Use Privacy-Friendly Search Engines (Impact: 7/10 | Effort: 2/10): DuckDuckGo, Startpage, or Kagi won’t turn your searches into ad targeting profiles.
Use Burner Numbers for Sign-Ups (Impact: 7/10 | Effort: 4/10): Google Voice and similar services keep your real number out of marketers’ and scammers’ hands.
Encrypt Your Hard Drive (Impact: 9/10 | Effort: 5/10): Disk encryption makes sure your data stays locked away, just in case you lose your laptop.
The Next Level
For those of you who want to go all-in on security best practices, these are for you.
Enable hardware security keys for logins (Impact: 10/10 | Effort: 7/10): Physical keys like YubiKey or Titan provide the strongest defense against phishing, ensuring only someone with the key can log in.
Segment your home network (Impact: 8/10 | Effort: 8/10): Place IoT devices (smart bulbs, cameras, speakers) on a separate Wi-Fi network from your computers and phones to limit the blast radius if one is compromised.
Run regular security audits on your accounts (Impact: 9/10 | Effort: 6/10): Review login history, connected devices, and suspicious activity to catch problems early.
Review and rotate passwords every 6–12 months (Impact: 7/10 | Effort: 7/10): Refreshing credentials reduces exposure from breaches that may not yet be public.
Use email forwarding rules for breach monitoring (Impact: 7/10 | Effort: 5/10): Set up rules to flag suspicious incoming messages, helping you spot breaches and phishing faster.
Set up alerts for your name and email on breach databases (Impact: 8/10 | Effort: 3/10): Use HaveIBeenPwned or similar to get notified when your information shows up in a breach.
Sandbox suspicious files (Impact: 9/10 | Effort: 8/10): Open unknown files in an isolated, secure environment to check for malware without risking your main system.
Use virtual machines for risky browsing (Impact: 9/10 | Effort: 7/10): Contain high-risk activity (like downloading from untrusted sites) in a disposable VM to protect your main OS.
Disable macros in Office documents by default (Impact: 8/10 | Effort: 3/10): Macros are a top malware delivery method. Keeping them off blocks a huge attack vector, although it may cause some friction in your workflow.
Create an “If I’m hacked” response plan (Impact: 10/10 | Effort: 5/10): A personal incident response plan helps you react quickly, secure accounts, and limit damage if the worst happens.
Personal security is a commitment, but it doesn’t have to be overwhelming.
Even tackling just the 20 easiest steps from this list can put you ahead of 90% of people out there.
Start small and chip away at them one by one. You’ll feel that background anxiety start to fade and be replaced with the confidence that you’ve made yourself a much harder target.
Securely Yours,
Ryan G. Cox
P.S. The Cybersec Cafe follows a weekly cadence.
Each week, I deliver a Deep Dive on a cybersecurity topic designed to sharpen your perspective, strengthen your technical edge, and support your growth as a professional - straight to your inbox.